The EU General Data Protection Regulation, aka GDPR, is the EU-wide legislation about companies and other entities protecting the personal data of individuals. It came into effect in 2018, forcing every single company registered in the EU to start caring about how they handle data like people's names, e-mail addresses, birth dates, and everything more sensitive. It also had an effect way beyond just the EU. And I was really pissed about it:
As somebody running a company, at first, becoming GDPR-compliant was a hassle, a time and money sink. I thought that the only thing we were doing was hiring lawyers to create lengthy privacy policies that nobody will read and developing cookie banners that everybody will hate. And in the end, we'll manage what little personal data that we collect in the same way as before, since we already were conscious about keeping them safe.
We need more groundbreaking regulations such as GDPR. Yes, we the companies will complain about having to work to become compliant and because we hate rules that aren't ours. Yes, we the people will complain because there's always something to complain about. But ultimately, this is what governments should do: create legislation that protects those who are less capable of asserting their interests, or dare I say, who're weaker.